Security Market Segment LS
Tuesday, 01 November 2016 18:31

Symantec creates world’s largest GIN


Symantec has combined its threat intelligence and Blue Coat Threat Intelligence into its Global Intelligence Network (GIN). This creates the security industry’s largest and most diverse set of threat data combining threat data results in 500,000 additional attacks being blocked for Symantec customers every day.

And the power of this new data is evident to all from a micro (consumer) to macro (enterprise level). Two new attack campaigns and 137,000 new phishing campaigns have been uncovered.

“Symantec research teams have unparalleled visibility into the entire threat landscape, including the most advanced attacks, and Blue Coat researchers have been categorising, mapping, and fingerprinting the Internet with a view into the darkest parts of the web and malware tradecraft,” said Greg Clark, chief executive of Symantec.

“By fast-tracking the integration of the threat intelligence capabilities from Symantec and Blue Coat, Symantec products are now blocking 500,000 additional attacks per day for our endpoint, email, and Web security customers. Drawing out those kinds of results from data is only possible by using artificial intelligence, which gives our threat researchers a vastly augmented ability to spot attacks earlier than anyone else.”

The creation of the joint GIN brings significant enhancements to Symantec’s threat intelligence capabilities made uniquely possible by integrating Symantec and Blue Coat’s security telemetry and applying the data-crunching force of artificial intelligence that is needed when analysing numbers reaching into the trillions.

The GIN monitors more than nine trillion elements of security data, providing unparalleled visibility and protection for Symantec customers across their entire environments. Symantec now protects 175 million consumer and enterprise endpoints, 163 million email users, 80 million Web proxy users, and processes nearly eight billion security requests across these products every day.

The integration provides the foundation for Symantec’s Integrated Cyber Defence Platform, which allows Symantec products to share threat intelligence and improve security outcomes for customers across all control points. Symantec is the only vendor to connect endpoint, email, and Web protection across a single integrated intelligence platform.

The combined Symantec-Blue Coat threat telemetry has led to a series of significant protection improvements as well as discoveries of new attack campaigns. Examples cited by the company include:

Improved protection from sharing threat telemetry

Symantec and Blue Coat products are now automatically exchanging millions of malicious files and URL threat indicators daily. For example, when a ProxySG Web gateway installation at any customer site uncovers a brand new malicious file or URL, this telemetry is shared via the cloud with every Symantec Endpoint Protection and Norton Security deployment, thereby providing this same protection for all Symantec Endpoint Protection and Norton customers. Similarly, when an installation of Symantec Endpoint Protection or Norton Security discovers a new malicious file or URL, this intelligence is shared with all ProxySG installations, so that those customers can immediately benefit from the discovery of this new threat. This telemetry-sharing system is fully operational and has resulted in Symantec products blocking 500,000 additional attacks every day for the endpoint, email, and Web security customers.

New cyber espionage campaign discovered

After the cyber espionage agreement between the US and China was signed in September 2015, it was believed that the China-based cyber espionage group Buckeye had largely stopped their attack operations. Only through the combined threat intelligence of Symantec and Blue Coat did Symantec determine that the Buckeye group was still highly active, and had set their sights on a new target – Hong Kong political organisations. Symantec’s combined teams uncovered new spear-phishing emails targeting 13 political entities in Hong Kong leading up to the Hong Kong elections. These discoveries have allowed Symantec to enhance its protection capabilities against the Buckeye group’s campaigns, while also alerting customers to the re-emergence of this attack organization.

Sophisticated financial heists revealed

Symantec and Blue Coat’s combined telemetry led to the revelation that, since January 2016, a series of campaigns involving malware called Trojan.Odinaff has targeted roughly 100 financial institutions worldwide, including investment brokerage houses, consumer banks, and ATM networks. The Odinaff attack is unusual in that once attackers infiltrate a victim’s financial institution, they spend time learning about the exact capabilities of the target organisation, e.g., trading platforms, money wire capabilities, ATM networks, etc. Then the attackers execute an attack plan leveraging the specific capabilities of the compromised organisation, for example, withdrawing funds, making trades, or transferring money via the SWIFT wire transfer system. To date, the Odinaff attack group has stolen millions of dollars from victim institutions.  

Changing the game on anti-phishing

To combat the increased threat to enterprises and consumers from phishing emails, Symantec has developed technology that analyses new websites in real-time by comparing them to screenshots of known phishing sites. Leveraging machine learning and advanced image analysis, the technology is applied to more than 1.2 billion Web requests each day and has uncovered 137,000 new phishing campaigns since its release. New phishing sites identified by this system are now being blocked across Symantec’s endpoint, email, and Web security product portfolio.

Subscribe to Newsletter here

WEBINAR INVITE: Exploring Emerging Strategies for 5G Monetization

Network Operators continue to invest in 5G and build out their infrastructure.

With the recent impact of world events, the pressure is on to explore additional ways beyond traditional subscription models to monetize existing investments and speed up returns.

Creative thinking is key in this space, and in this webinar, you will learn about innovative ideas for Network Operators and Enterprise Business to enable new services and opportunities to drive incremental revenue.

Join us for this thought-provoking webinar with ITR Analyst, Marc Einstein, where you will learn about:

- Key industry 5G trends
- How COVID-19 is driving innovation and potential new business opportunities and applications for 5G

Click below to register your interest for the AUGUST 26, 4PM WEBINAR (AEST)



It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.


Ray Shaw

joomla stats

Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!





Guest Opinion

Guest Interviews

Guest Reviews


Guest Research & Case Studies

Channel News